In Security Command Center, understanding the difference between resources and assets helps you manage security findings and investigate issues more effectively.
The difference between a resource and an asset
- Resource: A Google Cloud resource refers to the physical or logical entity that you create in your cloud environment, such as a Compute Engine virtual machine instance, a Cloud Storage bucket, or a BigQuery dataset.
- Asset: An asset is a security-centric representation of a resource that Security Command Center monitors. Security Command Center uses the asset to track the historical state and security context of the resource when the configuration changes.
For more information about resources and assets, see Asset types.
The role of Cloud Asset Inventory
Security Command Center uses Cloud Asset Inventory as its primary source of truth for assets. When you use the Assets page in the console, the console displays asset metadata and details provided by Cloud Asset Inventory.
After you create, modify, or delete a Google Cloud resource, Cloud Asset Inventory records the change and then sends the updated asset data to Security Command Center. Because Security Command Center reads from Cloud Asset Inventory rather than from the resource directly, a very recent change might not yet be reflected on the Assets page. For more information, see Inspect assets monitored by Security Command Center.
Representation of assets in findings
Findings in Security Command Center include information about the affected resource. In the finding details panel, look for fields in the Affected resource section, such as Resource display name or Resource full name. These fields identify which resource has the vulnerability or misconfiguration, or is the target of a threat. The Resource full name uses the same full resource name format as Cloud Asset Inventory (for example, //compute.googleapis.com/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE), so you can use it to pivot from a finding to the asset's metadata, IAM policy, and change history.
Ways to work with assets
In Security Command Center, you can use assets to manage findings, prioritize issues, and respond to threats in your environment. You can check, analyze, and manage assets in the following ways:
- Inspect and query assets: view all monitored assets, run custom queries, and inspect specific asset details (such as metadata, IAM policies, and change history) in the Google Cloud console. For more information, see Inspect assets that are monitored by Security Command Center.
- Review and manage findings: identify the affected resource for a specific security finding, review its context, and follow remediation guidance. For more information, see Review and manage findings.
- Investigate and respond to threats: investigate compromised resources, and correlate asset change history (such as new service accounts or modified IAM policies) with threat detections. For more information, see Investigating and responding to threats.
- Examine exposed resources in issues: to help prioritize and remediate high-severity issues, view the exposed resources that are associated with a detected security issue. For more information, see Manage and remediate issues.
- Define high-value resource sets: to classify high-value resource sets (such as production databases or sensitive projects), define resource value configurations. Doing so helps prioritize findings and assess overall attack exposure. For more information, see Define and manage your high-value resource set.
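The following is an added example, not code from the Security Command Center documentation, that shows the pivot described above in the "Representation of assets in findings" and "Investigate and respond to threats" items: take the Resource full name from a finding, derive the project scope for asset queries, and correlate the finding's event time with the IAM policy change history that Cloud Asset Inventory returns. The finding and the history are constructed; they mirror the JSON shapes that `gcloud scc findings list --format=json` (a Finding with `resourceName` and `eventTime`) and `gcloud asset get-history --content-type=iam-policy --format=json` (a list of TemporalAsset objects with `window` and `asset`) produce, but every name, time, and member is made up. The 24-hour lookback is an assumption, not a product default.

```python
"""Pivot from a Security Command Center finding to Cloud Asset Inventory IAM history.

Added example; not part of the Security Command Center documentation.
All inputs below are constructed. They follow the shapes of a Finding and of
TemporalAsset history, but the names, times and members are made up.
"""
from datetime import datetime, timedelta

# Constructed finding. `resourceName` is the "Resource full name" field from
# the finding details panel; `eventTime` is when the threat was observed.
FINDING = {
    "name": "organizations/123/sources/456/findings/abc",
    "category": "Persistence: IAM Anomalous Grant",
    "severity": "HIGH",
    "state": "ACTIVE",
    "resourceName": "//cloudresourcemanager.googleapis.com/projects/example-prod",
    "eventTime": "2024-05-02T10:30:00Z",
}

# Constructed TemporalAsset history for the project's IAM policy, in the shape
# `gcloud asset get-history --content-type=iam-policy --format=json` returns.
# Each entry's window.startTime is when that policy version took effect.
IAM_HISTORY = [
    {
        "window": {"startTime": "2024-04-01T00:00:00Z", "endTime": "2024-05-02T09:50:00Z"},
        "deleted": False,
        "asset": {
            "name": "//cloudresourcemanager.googleapis.com/projects/example-prod",
            "assetType": "cloudresourcemanager.googleapis.com/Project",
            "iamPolicy": {"bindings": [
                {"role": "roles/owner", "members": ["user:alice@example.com"]},
            ]},
        },
    },
    {
        "window": {"startTime": "2024-05-02T09:50:00Z", "endTime": "2024-05-03T12:00:00Z"},
        "deleted": False,
        "asset": {
            "name": "//cloudresourcemanager.googleapis.com/projects/example-prod",
            "assetType": "cloudresourcemanager.googleapis.com/Project",
            "iamPolicy": {"bindings": [
                {"role": "roles/owner", "members": [
                    "user:alice@example.com",
                    "serviceAccount:ci-deploy@example-prod.iam.gserviceaccount.com",
                ]},
            ]},
        },
    },
    {
        "window": {"startTime": "2024-05-03T12:00:00Z"},
        "deleted": False,
        "asset": {
            "name": "//cloudresourcemanager.googleapis.com/projects/example-prod",
            "assetType": "cloudresourcemanager.googleapis.com/Project",
            "iamPolicy": {"bindings": [
                {"role": "roles/owner", "members": [
                    "user:alice@example.com",
                    "serviceAccount:ci-deploy@example-prod.iam.gserviceaccount.com",
                ]},
                {"role": "roles/viewer", "members": ["user:bob@example.com"]},
            ]},
        },
    },
]


def parse_time(value: str) -> datetime:
    """Parse the RFC 3339 timestamps both APIs use (a trailing 'Z' means UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def project_of(resource_name: str):
    """Return 'projects/<id>' from a full resource name, or None when the name
    has no project segment (a Cloud Storage bucket is //storage.googleapis.com/<bucket>;
    for such assets use the asset's `ancestors` field from Cloud Asset Inventory)."""
    parts = resource_name.split("/")
    if "projects" in parts:
        i = parts.index("projects")
        if i + 1 < len(parts) and parts[i + 1]:
            return "projects/" + parts[i + 1]
    return None


def bindings_of(asset: dict) -> set:
    """Flatten an asset's IAM policy into (role, member) pairs for diffing."""
    policy = asset.get("iamPolicy", {})
    return {(b["role"], m) for b in policy.get("bindings", []) for m in b.get("members", [])}


def policy_changes(history: list) -> list:
    """Diff consecutive IAM snapshots of one asset, oldest first."""
    snapshots = sorted(history, key=lambda t: parse_time(t["window"]["startTime"]))
    changes = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        before, after = bindings_of(prev["asset"]), bindings_of(cur["asset"])
        if before != after:
            changes.append({
                "asset": cur["asset"]["name"],
                "at": parse_time(cur["window"]["startTime"]),
                "added": sorted(after - before),
                "removed": sorted(before - after),
            })
    return changes


def changes_before(finding: dict, history: list, lookback_hours: int = 24) -> list:
    """IAM changes that landed in the lookback window ending at the finding's
    eventTime: the candidates for what was changed just before the detection."""
    event = parse_time(finding["eventTime"])
    start = event - timedelta(hours=lookback_hours)
    return [c for c in policy_changes(history) if start <= c["at"] <= event]


if __name__ == "__main__":
    print("Scope for asset queries:", project_of(FINDING["resourceName"]))
    for change in changes_before(FINDING, IAM_HISTORY):
        print(change["at"].isoformat(), change["asset"])
        for role, member in change["added"]:
            print("  +", role, member)
        for role, member in change["removed"]:
            print("  -", role, member)
```

To run this against real data, replace the constructed inputs with the output of `gcloud scc findings list ORGANIZATION_ID --filter='resource_name="RESOURCE_FULL_NAME"' --format=json` and `gcloud asset get-history --project=PROJECT_ID --asset-names=RESOURCE_FULL_NAME --content-type=iam-policy --start-time=START_TIME --format=json`; the diff then shows which bindings appeared in the hours before the detection, which is the correlation the threat-investigation item above describes. Only the most recent 35 days of history are available from `get-history`, so a finding older than that needs other evidence, such as Cloud Audit Logs.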